Xamarin Forms: Keycloak Integration - xamarin.forms

I am trying to integrate Keycloak authentication into my Xamarin Forms mobile app. I have created a simple mobile app with a login form.
I need to do below things when login:
After logging in on the mobile app, show the Keycloak login page on a web browser page inside the app. (Using Webview)
Login on keycloak web (inside the app) and get the JWT token.
Call any other REST API using the JWT token.
I researched a lot about this but didn't get anything useful. I found an almost similar thread here, but it is for Flutter.
Also, I found a Keycloak package, 'Owin.Security.Keycloak'. Using this, can we do the authentication?

Related

AddOpenIdConnect with external IDP in .net core web api with angular client app

I am developing an Angular + .NET Core web app (not to be confused with a .NET Core MVC web app).
My UI client uses Angular, and my backend web APIs use .NET Core 6. I am using an external IDP to authenticate my Angular app; for that I am using AddOpenIdConnect. Although I am not using MVC for my other APIs (using web API type controllers), I pulled in a couple of MVC controllers (Home and Account) from the sample app present in the external IDP's sample project (as I could not find a way to achieve it with my APIs).
On login button press in my angular app I call this method of Account controller which redirects me to external IDP. After successful authentication I am being redirected to my angular app's landing page (http://localhost:4200/admin) which solves my purpose as far as SSO is concerned. Also in OnTokenValidated event I am getting the access token as well.
Now the problem I have with this approach is:
How can I return this token to my Angular app (which is an independent SPA) so that it can be used as an auth guard for the Angular app and for safeguarding other API endpoints?
I am thinking of making another end point which angular app would call after successful redirection which would return the claims and access token to UI. I tried fetching it from HTTPContext in the end point that I made but it is coming out to be null and User.IsAuthenticated as false.
How can I secure my web api end points with this same access token? I am thinking of using the access token returned to UI after redirection for authentication and then it can be sent back to backend apis in header for authentication. How can I achieve that?
All the examples and sample code (even on the IDP's website) use .NET Core MVC. Did I make a mistake by making it a web API project?

ASP .NET Core Identity external login from mobile native application

I have an ASP.NET Core website. It uses Facebook login (external login) with the support of ASP.NET Core Identity.
Using a web browser, after a successful Facebook login, the Facebook website redirects to the ASP.NET Core Identity endpoint at mywebsite.com/Identity/Account/ExternalLogin?handler=Callback to issue a cookie or JWT token...
As below picture. The GetExternalLoginInfoAsync() will receive Facebook response and return user data to the info variable.
My problem is:
I'm making an Android native app. It also allows using Facebook to log in. But it uses the native Facebook app installed on the Android phone; after a successful Facebook login, it returns the access_token and user id to my native app (it does not send the response to mywebsite.com/Identity/Account/ExternalLogin?handler=Callback).
I have tried to manually send the Facebook login response from my native app to the endpoint, but GetExternalLoginInfoAsync() returns null.
I think it returns null because it wasn't called from Facebook.
What should I do to make GetExternalLoginInfoAsync() return user information from the data from my native app?
I think you should register a deep link in the native app and then add the link in Facebook, in the client you registered, as another redirect URL.

Asp.Net MVC and Web Api with Google Authentication

I'm trying to use Google Authentication in a VS2015 solution with 2 Asp.Net projects:
an MVC App and
an MVC WebApi.
Logging in with a local username and password works fine. I get back a token after logging in with api/Token from the API and can use this on subsequent httpclient calls to api/xxxxxx methods decorated with [Authorize].
Now I want to add the option to log in with a Google account. I have managed to get the call to Google working on the front end and get back an Owin.ExternalLoginInfo object, but of course calls to the api/methods fail with unauthorized.
Can someone tell if it's possible to push that ExternalLoginInfo back to the API and have it be used for authentication in the backend?

Login strategy on Xamarin forms an Azure

I am using the ADAL3 for authenticating on the Azure AD app. Then I use the AuthenticatedClient Async for logging into the Azure backend.
What is the correct strategy for consuming the Azure backend and working with the token? Do you call AuthenticateClientAsync before each call to the backend to be sure that if the session expires on the backend the token will be used to start the session automatically? What happens if the memory save token is expired, do you manually ask users to log in again?
Someone has a sample of an app that popup a login page then call some service and popup a new login page if needed?
Thanks for your help.
According to your description, I assumed that Azure Mobile Apps would be the approach for you to work as your mobile backend. And you could authenticate your customers with AAD and leverage the client SDKs provided by Azure Mobile Apps to communicate with your azure mobile app backend.
I would recommend you follow this tutorial for creating your Azure Mobile App and download the sample project for getting started. Then, you could configure your mobile app to use AAD login, details you could follow here. Moreover, more details about how to use the client SDKs for Azure Mobile Apps in your xamarin project you could follow here.
Someone has a sample of an app that popup a login page then call some service and popup a new login page if needed?
After logging in via MobileServiceClient.LoginAsync, you retrieve a JWT token issued by your mobile app backend, and you can get it by accessing MobileServiceClient.CurrentUser.MobileServiceAuthenticationToken. You can cache the token for reuse. You could wrap the operations against your mobile app backend and catch the exception when the token is expired and manually call LoginAsync to ask the user to log in again, or validate the token on the client side and log in again if the token is invalid before you send requests to your mobile app backend. For caching and validating the token, you could follow Adrian Hall's book about Caching Tokens. For wrapping the table operations, you could follow here.
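The client-side validity check mentioned in the answer above, sketched as an added example (not code from the answer, the book it cites, or the Azure SDK). The names CachedTokenCheck and NeedsLogin, the two-minute skew and the use of System.Text.Json are assumptions; the sample token is constructed.

```csharp
using System;
using System.Text;
using System.Text.Json;   // assumption: the System.Text.Json package is referenced

public static class CachedTokenCheck
{
    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        if (s.Length % 4 == 1) throw new FormatException("bad base64url length");
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // True when the cached token should be discarded and LoginAsync called again.
    // Malformed tokens and tokens without a numeric "exp" count as expired.
    // Nothing here verifies the signature; the backend still decides validity.
    public static bool NeedsLogin(string jwt, DateTimeOffset now, TimeSpan skew)
    {
        string[] parts = (jwt ?? "").Split('.');
        if (parts.Length != 3) return true;
        try
        {
            string json = Encoding.UTF8.GetString(FromBase64Url(parts[1]));
            using (JsonDocument doc = JsonDocument.Parse(json))
            {
                JsonElement root = doc.RootElement;
                if (root.ValueKind != JsonValueKind.Object || !root.TryGetProperty("exp", out JsonElement exp)) return true;
                if (exp.ValueKind != JsonValueKind.Number || !exp.TryGetInt64(out long seconds)) return true;
                // Expire early by `skew` so no request goes out with a token about to lapse.
                return DateTimeOffset.FromUnixTimeSeconds(seconds) <= now + skew;
            }
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is ArgumentOutOfRangeException)
        { return true; }
    }

    static string Segment(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample token: exp = 1700000000, placeholder signature.
        string token = Segment("{\"alg\":\"HS256\"}") + "." + Segment("{\"sub\":\"demo\",\"exp\":1700000000}") + ".sig";
        var skew = TimeSpan.FromMinutes(2);
        Console.WriteLine(NeedsLogin(token, DateTimeOffset.FromUnixTimeSeconds(1699990000), skew));
        Console.WriteLine(NeedsLogin(token, DateTimeOffset.FromUnixTimeSeconds(1699999950), skew));
        Console.WriteLine(NeedsLogin("not-a-jwt", DateTimeOffset.UtcNow, skew));
    }
}
```

This check only avoids sending a request that is certain to be rejected; a 401 from the backend still has to trigger a new login, since the device clock can be wrong and the server can revoke a token before its expiry.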

ASP.NET Core 2.0 OpenIdDict with Facebook mobile application

Could you please provide me an example or description how to return an access token to the mobile application with facebook login.
Here is the workflow that I want to achieve:
Mobile user registers via Facebook
User is registered on the server database after successful Facebook login
OpenIdDict Access Token is returned from server to the mobile application
I have already implemented local user password workflow but cannot find any example of Facebook login via mobile app.
The flow you describe is known as the "assertion grant". Read this other SO thread for more information about how to implement it with OpenIddict.
